Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts.
syzkaller login: [ 55.695116][ T8435]
[ 55.697462][ T8435] =====================================================
[ 55.697468][ T8435] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 55.697476][ T8435] 5.14.0-rc7-syzkaller #0 Not tainted
[ 55.697485][ T8435] -----------------------------------------------------
[ 55.697489][ T8435] syz-executor640/8435 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 55.697507][ T8435] ffff8880167e3038 (&f->f_owner.lock){.+.+}-{2:2}, at: send_sigio+0x24/0x380
[ 55.697563][ T8435]
[ 55.697563][ T8435] and this task is already holding:
[ 55.697568][ T8435] ffff8880338af018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x132/0x460
[ 55.697609][ T8435] which would create a new lock dependency:
[ 55.697615][ T8435] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.+}-{2:2}
[ 55.697651][ T8435]
[ 55.697651][ T8435] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 55.697658][ T8435] (&dev->event_lock){-...}-{2:2}
[ 55.697675][ T8435]
[ 55.697675][ T8435] ... which became HARDIRQ-irq-safe at:
[ 55.792867][ T8435] lock_acquire+0x1ab/0x510
[ 55.792894][ T8435] _raw_spin_lock_irqsave+0x39/0x50
[ 55.792922][ T8435] input_event+0x7b/0xb0
[ 55.792939][ T8435] psmouse_report_standard_buttons+0x2c/0x80
[ 55.792956][ T8435] psmouse_process_byte+0x1e1/0x890
[ 55.792971][ T8435] psmouse_handle_byte+0x41/0x1b0
[ 55.792991][ T8435] psmouse_interrupt+0x304/0xf00
[ 55.828486][ T8435] serio_interrupt+0x88/0x150
[ 55.833386][ T8435] i8042_interrupt+0x27a/0x520
[ 55.838210][ T8435] __handle_irq_event_percpu+0x303/0x8f0
[ 55.844290][ T8435] handle_irq_event+0x102/0x280
[ 55.849219][ T8435] handle_edge_irq+0x25f/0xd00
[ 55.854043][ T8435] __common_interrupt+0x9d/0x210
[ 55.859045][ T8435] common_interrupt+0x9f/0xd0
[ 55.863785][ T8435] asm_common_interrupt+0x1e/0x40
[ 55.868869][ T8435] acpi_idle_do_entry+0x1c6/0x250
[ 55.873957][ T8435] acpi_idle_enter+0x361/0x500
[ 55.878789][ T8435] cpuidle_enter_state+0x1b1/0xc80
[ 55.884213][ T8435] cpuidle_enter+0x4a/0xa0
[ 55.888702][ T8435] do_idle+0x3e8/0x590
[ 55.893029][ T8435] cpu_startup_entry+0x14/0x20
[ 55.897854][ T8435] start_secondary+0x265/0x340
[ 55.902689][ T8435] secondary_startup_64_no_verify+0xb0/0xbb
[ 55.908651][ T8435]
[ 55.908651][ T8435] to a HARDIRQ-irq-unsafe lock:
[ 55.915726][ T8435] (&f->f_owner.lock){.+.+}-{2:2}
[ 55.915743][ T8435]
[ 55.915743][ T8435] ... which became HARDIRQ-irq-unsafe at:
[ 55.928589][ T8435] ...
[ 55.928595][ T8435] lock_acquire+0x1ab/0x510
[ 55.935716][ T8435] _raw_read_lock+0x5b/0x70
[ 55.940279][ T8435] do_fcntl+0x8af/0x1210
[ 55.944583][ T8435] __x64_sys_fcntl+0x165/0x1e0
[ 55.949409][ T8435] do_syscall_64+0x35/0xb0
[ 55.953886][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 55.959854][ T8435]
[ 55.959854][ T8435] other info that might help us debug this:
[ 55.959854][ T8435]
[ 55.970340][ T8435] Chain exists of:
[ 55.970340][ T8435] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 55.970340][ T8435]
[ 55.983464][ T8435] Possible interrupt unsafe locking scenario:
[ 55.983464][ T8435]
[ 55.991803][ T8435]        CPU0                    CPU1
[ 55.997154][ T8435]        ----                    ----
[ 56.002511][ T8435]   lock(&f->f_owner.lock);
[ 56.006989][ T8435]                                local_irq_disable();
[ 56.013805][ T8435]                                lock(&dev->event_lock);
[ 56.020800][ T8435]                                lock(&new->fa_lock);
[ 56.027539][ T8435]   <Interrupt>
[ 56.031065][ T8435]     lock(&dev->event_lock);
[ 56.035728][ T8435]
[ 56.035728][ T8435] *** DEADLOCK ***
[ 56.035728][ T8435]
[ 56.043933][ T8435] 8 locks held by syz-executor640/8435:
[ 56.049451][ T8435] #0: ffff888021870110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760
[ 56.058565][ T8435] #1: ffff8880213c8230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x320
[ 56.068458][ T8435] #2: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320
[ 56.078093][ T8435] #3: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710
[ 56.088165][ T8435] #4: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0
[ 56.097278][ T8435] #5: ffff8880201e2028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 56.108042][ T8435] #6: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 56.117151][ T8435] #7: ffff8880338af018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x132/0x460
[ 56.126257][ T8435]
[ 56.126257][ T8435] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 56.136633][ T8435] -> (&dev->event_lock){-...}-{2:2} {
[ 56.142162][ T8435] IN-HARDIRQ-W at:
[ 56.146287][ T8435] lock_acquire+0x1ab/0x510
[ 56.152766][ T8435] _raw_spin_lock_irqsave+0x39/0x50
[ 56.159942][ T8435] input_event+0x7b/0xb0
[ 56.166162][ T8435] psmouse_report_standard_buttons+0x2c/0x80
[ 56.174116][ T8435] psmouse_process_byte+0x1e1/0x890
[ 56.181300][ T8435] psmouse_handle_byte+0x41/0x1b0
[ 56.188311][ T8435] psmouse_interrupt+0x304/0xf00
[ 56.195242][ T8435] serio_interrupt+0x88/0x150
[ 56.201901][ T8435] i8042_interrupt+0x27a/0x520
[ 56.208748][ T8435] __handle_irq_event_percpu+0x303/0x8f0
[ 56.216369][ T8435] handle_irq_event+0x102/0x280
[ 56.223193][ T8435] handle_edge_irq+0x25f/0xd00
[ 56.229940][ T8435] __common_interrupt+0x9d/0x210
[ 56.236859][ T8435] common_interrupt+0x9f/0xd0
[ 56.243512][ T8435] asm_common_interrupt+0x1e/0x40
[ 56.250511][ T8435] acpi_idle_do_entry+0x1c6/0x250
[ 56.257513][ T8435] acpi_idle_enter+0x361/0x500
[ 56.264256][ T8435] cpuidle_enter_state+0x1b1/0xc80
[ 56.271346][ T8435] cpuidle_enter+0x4a/0xa0
[ 56.277750][ T8435] do_idle+0x3e8/0x590
[ 56.283800][ T8435] cpu_startup_entry+0x14/0x20
[ 56.290534][ T8435] start_secondary+0x265/0x340
[ 56.297276][ T8435] secondary_startup_64_no_verify+0xb0/0xbb
[ 56.305160][ T8435] INITIAL USE at:
[ 56.309440][ T8435] lock_acquire+0x1ab/0x510
[ 56.315842][ T8435] _raw_spin_lock_irqsave+0x39/0x50
[ 56.323668][ T8435] input_inject_event+0xa6/0x320
[ 56.330505][ T8435] led_set_brightness_nosleep+0xe6/0x1a0
[ 56.338449][ T8435] led_set_brightness+0x134/0x170
[ 56.345536][ T8435] led_trigger_event+0x75/0xd0
[ 56.352427][ T8435] kbd_led_trigger_activate+0xc9/0x100
[ 56.359828][ T8435] led_trigger_set+0x61e/0xbd0
[ 56.366482][ T8435] led_trigger_set_default+0x1a6/0x230
[ 56.373827][ T8435] led_classdev_register_ext+0x5b1/0x7c0
[ 56.381345][ T8435] input_leds_connect+0x4bd/0x860
[ 56.388607][ T8435] input_attach_handler+0x180/0x1f0
[ 56.395694][ T8435] input_register_device.cold+0xf0/0x304
[ 56.403271][ T8435] atkbd_connect+0x739/0xa00
[ 56.409753][ T8435] serio_driver_probe+0x72/0xa0
[ 56.416589][ T8435] really_probe+0x23c/0xcd0
[ 56.422981][ T8435] __driver_probe_device+0x338/0x4d0
[ 56.430155][ T8435] driver_probe_device+0x4c/0x1a0
[ 56.437070][ T8435] __driver_attach+0x22d/0x4e0
[ 56.443896][ T8435] bus_for_each_dev+0x147/0x1d0
[ 56.450637][ T8435] serio_handle_event+0x5f6/0xa30
[ 56.457556][ T8435] process_one_work+0x98d/0x1630
[ 56.464383][ T8435] worker_thread+0x658/0x11f0
[ 56.470946][ T8435] kthread+0x3e5/0x4d0
[ 56.476899][ T8435] ret_from_fork+0x1f/0x30
[ 56.483204][ T8435] }
[ 56.485851][ T8435] ... key at: [] __key.8+0x0/0x40
[ 56.493202][ T8435] -> (&client->buffer_lock){....}-{2:2} {
[ 56.498996][ T8435] INITIAL USE at:
[ 56.502952][ T8435] lock_acquire+0x1ab/0x510
[ 56.509177][ T8435] _raw_spin_lock+0x2a/0x40
[ 56.515403][ T8435] evdev_pass_values.part.0+0xf6/0x970
[ 56.522578][ T8435] evdev_events+0x359/0x3e0
[ 56.528813][ T8435] input_to_handler+0x2a0/0x4c0
[ 56.535380][ T8435] input_pass_values.part.0+0x230/0x710
[ 56.542639][ T8435] input_handle_event+0x373/0x1440
[ 56.549462][ T8435] input_inject_event+0x1bd/0x320
[ 56.556203][ T8435] evdev_write+0x430/0x760
[ 56.562334][ T8435] vfs_write+0x28e/0xa40
[ 56.568380][ T8435] ksys_write+0x1ee/0x250
[ 56.574426][ T8435] do_syscall_64+0x35/0xb0
[ 56.580667][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.588272][ T8435] }
[ 56.590917][ T8435] ... key at: [] __key.4+0x0/0x40
[ 56.598284][ T8435] ... acquired at:
[ 56.602146][ T8435] _raw_spin_lock+0x2a/0x40
[ 56.606808][ T8435] evdev_pass_values.part.0+0xf6/0x970
[ 56.612418][ T8435] evdev_events+0x359/0x3e0
[ 56.617246][ T8435] input_to_handler+0x2a0/0x4c0
[ 56.622249][ T8435] input_pass_values.part.0+0x230/0x710
[ 56.628119][ T8435] input_handle_event+0x373/0x1440
[ 56.633467][ T8435] input_inject_event+0x1bd/0x320
[ 56.638640][ T8435] evdev_write+0x430/0x760
[ 56.643208][ T8435] vfs_write+0x28e/0xa40
[ 56.647604][ T8435] ksys_write+0x1ee/0x250
[ 56.652084][ T8435] do_syscall_64+0x35/0xb0
[ 56.656670][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.662729][ T8435]
[ 56.665041][ T8435] -> (&new->fa_lock){....}-{2:2} {
[ 56.670137][ T8435] INITIAL READ USE at:
[ 56.674436][ T8435] lock_acquire+0x1ab/0x510
[ 56.680911][ T8435] _raw_read_lock+0x5b/0x70
[ 56.687384][ T8435] kill_fasync+0x132/0x460
[ 56.693790][ T8435] evdev_pass_values.part.0+0x64e/0x970
[ 56.701331][ T8435] evdev_events+0x359/0x3e0
[ 56.707816][ T8435] input_to_handler+0x2a0/0x4c0
[ 56.714653][ T8435] input_pass_values.part.0+0x230/0x710
[ 56.722173][ T8435] input_handle_event+0x373/0x1440
[ 56.729256][ T8435] input_inject_event+0x1bd/0x320
[ 56.736259][ T8435] evdev_write+0x430/0x760
[ 56.742652][ T8435] vfs_write+0x28e/0xa40
[ 56.748957][ T8435] ksys_write+0x1ee/0x250
[ 56.755263][ T8435] do_syscall_64+0x35/0xb0
[ 56.761660][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.769528][ T8435] }
[ 56.772173][ T8435] ... key at: [] __key.0+0x0/0x40
[ 56.779262][ T8435] ... acquired at:
[ 56.783036][ T8435] _raw_read_lock+0x5b/0x70
[ 56.787772][ T8435] kill_fasync+0x132/0x460
[ 56.792337][ T8435] evdev_pass_values.part.0+0x64e/0x970
[ 56.798291][ T8435] evdev_events+0x359/0x3e0
[ 56.802947][ T8435] input_to_handler+0x2a0/0x4c0
[ 56.807949][ T8435] input_pass_values.part.0+0x230/0x710
[ 56.813644][ T8435] input_handle_event+0x373/0x1440
[ 56.818903][ T8435] input_inject_event+0x1bd/0x320
[ 56.824077][ T8435] evdev_write+0x430/0x760
[ 56.828652][ T8435] vfs_write+0x28e/0xa40
[ 56.833044][ T8435] ksys_write+0x1ee/0x250
[ 56.837521][ T8435] do_syscall_64+0x35/0xb0
[ 56.842088][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.848128][ T8435]
[ 56.850427][ T8435]
[ 56.850427][ T8435] the dependencies between the lock to be acquired
[ 56.850432][ T8435] and HARDIRQ-irq-unsafe lock:
[ 56.863984][ T8435] -> (&f->f_owner.lock){.+.+}-{2:2} {
[ 56.869355][ T8435] HARDIRQ-ON-R at:
[ 56.873310][ T8435] lock_acquire+0x1ab/0x510
[ 56.879441][ T8435] _raw_read_lock+0x5b/0x70
[ 56.885576][ T8435] do_fcntl+0x8af/0x1210
[ 56.891446][ T8435] __x64_sys_fcntl+0x165/0x1e0
[ 56.897835][ T8435] do_syscall_64+0x35/0xb0
[ 56.903880][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.911405][ T8435] SOFTIRQ-ON-R at:
[ 56.915367][ T8435] lock_acquire+0x1ab/0x510
[ 56.921499][ T8435] _raw_read_lock+0x5b/0x70
[ 56.927628][ T8435] do_fcntl+0x8af/0x1210
[ 56.933500][ T8435] __x64_sys_fcntl+0x165/0x1e0
[ 56.939888][ T8435] do_syscall_64+0x35/0xb0
[ 56.945949][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.953470][ T8435] INITIAL READ USE at:
[ 56.957775][ T8435] lock_acquire+0x1ab/0x510
[ 56.964256][ T8435] _raw_read_lock+0x5b/0x70
[ 56.970735][ T8435] do_fcntl+0x8af/0x1210
[ 56.976957][ T8435] __x64_sys_fcntl+0x165/0x1e0
[ 56.983695][ T8435] do_syscall_64+0x35/0xb0
[ 56.990091][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.997965][ T8435] }
[ 57.000449][ T8435] ... key at: [] __key.5+0x0/0x40
[ 57.007761][ T8435] ... acquired at:
[ 57.011581][ T8435] lock_acquire+0x1ab/0x510
[ 57.016270][ T8435] _raw_read_lock_irqsave+0x70/0x90
[ 57.021833][ T8435] send_sigio+0x24/0x380
[ 57.026585][ T8435] kill_fasync+0x1ec/0x460
[ 57.031382][ T8435] evdev_pass_values.part.0+0x64e/0x970
[ 57.037353][ T8435] evdev_events+0x359/0x3e0
[ 57.042094][ T8435] input_to_handler+0x2a0/0x4c0
[ 57.047219][ T8435] input_pass_values.part.0+0x230/0x710
[ 57.052919][ T8435] input_handle_event+0x373/0x1440
[ 57.058177][ T8435] input_inject_event+0x1bd/0x320
[ 57.063348][ T8435] evdev_write+0x430/0x760
[ 57.067978][ T8435] vfs_write+0x28e/0xa40
[ 57.072391][ T8435] ksys_write+0x1ee/0x250
[ 57.076873][ T8435] do_syscall_64+0x35/0xb0
[ 57.081442][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.087485][ T8435]
[ 57.089799][ T8435]
[ 57.089799][ T8435] stack backtrace:
[ 57.095671][ T8435] CPU: 1 PID: 8435 Comm: syz-executor640 Not tainted 5.14.0-rc7-syzkaller #0
[ 57.104406][ T8435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.114440][ T8435] Call Trace:
[ 57.117702][ T8435] dump_stack_lvl+0xcd/0x134
[ 57.122272][ T8435] check_irq_usage.cold+0x4c1/0x6b0
[ 57.127451][ T8435] ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 57.134976][ T8435] ? kernel_text_address+0xbd/0xf0
[ 57.140068][ T8435] ? check_path.constprop.0+0x24/0x50
[ 57.145416][ T8435] ? pv_hash+0x100/0x100
[ 57.149655][ T8435] ? register_lock_class+0xb7/0x10c0
[ 57.154918][ T8435] ? lockdep_lock+0x1b7/0x200
[ 57.159574][ T8435] ? call_rcu_zapped+0xb0/0xb0
[ 57.164318][ T8435] __lock_acquire+0x2a1f/0x54a0
[ 57.169150][ T8435] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 57.175107][ T8435] lock_acquire+0x1ab/0x510
[ 57.179586][ T8435] ? send_sigio+0x24/0x380
[ 57.183995][ T8435] ? lock_release+0x720/0x720
[ 57.188658][ T8435] ? lock_release+0x720/0x720
[ 57.193310][ T8435] ? lock_release+0x720/0x720
[ 57.197963][ T8435] _raw_read_lock_irqsave+0x70/0x90
[ 57.203316][ T8435] ? send_sigio+0x24/0x380
[ 57.207715][ T8435] send_sigio+0x24/0x380
[ 57.211955][ T8435] kill_fasync+0x1ec/0x460
[ 57.216350][ T8435] evdev_pass_values.part.0+0x64e/0x970
[ 57.221881][ T8435] ? evdev_release+0x410/0x410
[ 57.226627][ T8435] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 57.232329][ T8435] evdev_events+0x359/0x3e0
[ 57.236810][ T8435] ? evdev_pass_values.part.0+0x970/0x970
[ 57.242509][ T8435] input_to_handler+0x2a0/0x4c0
[ 57.247342][ T8435] input_pass_values.part.0+0x230/0x710
[ 57.252865][ T8435] input_handle_event+0x373/0x1440
[ 57.257954][ T8435] input_inject_event+0x1bd/0x320
[ 57.262955][ T8435] evdev_write+0x430/0x760
[ 57.267354][ T8435] ? evdev_read+0xe40/0xe40
[ 57.271851][ T8435] ? security_file_permission+0x248/0x560
[ 57.277568][ T8435] ? evdev_read+0xe40/0xe40
[ 57.282049][ T8435] vfs_write+0x28e/0xa40
[ 57.286273][ T8435] ksys_write+0x1ee/0x250
[ 57.290583][ T8435] ? __ia32_sys_read+0xb0/0xb0
[ 57.295340][ T8435] ? syscall_enter_from_user_mode+0x21/0x70
[ 57.301214][ T8435] do_syscall_64+0x35/0xb0
[ 57.305608][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.311478][ T8435] RIP: 0033:0x443589
[ 57.315348][ T8435] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.335167][ T8435] RSP: 002b:00007ffc8024cb98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.343561][ T8435] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000443589
[ 57.35